diff --git a/.github/workflows/build-all.yml b/.github/workflows/build-all.yml index 766d08b..f5e55b2 100644 --- a/.github/workflows/build-all.yml +++ b/.github/workflows/build-all.yml @@ -21,14 +21,14 @@ jobs: testsNeeded: ${{ steps.testsNeeded.outputs.testsNeeded }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Lowercase repo owner id: repo_owner run: echo "lowercase=$(echo ${{ github.repository_owner }} | tr \"[:upper:]\" \"[:lower:]\")" >>$GITHUB_OUTPUT shell: bash - name: testsNeeded id: testsNeeded - uses: dorny/paths-filter@v2 + uses: dorny/paths-filter@v3 with: filters: | testsNeeded: @@ -43,11 +43,11 @@ jobs: matrix: ${{ fromJson(needs.workflow_setup.outputs.os_matrix) }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ matrix.os_version }}-${{ github.sha }} @@ -55,7 +55,7 @@ jobs: ${{ runner.os }}-buildx-${{ matrix.os_version }} ${{ runner.os }}-buildx - name: Build node image based on ${{ matrix.os_version }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: file: build/Dockerfile.${{ matrix.os_version }} context: ./build @@ -65,7 +65,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Upload docker image artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: indy_node_${{ matrix.os_version }} path: /tmp/indy_node_${{ matrix.os_version }}.tar @@ -86,11 +86,11 @@ jobs: if: ${{ needs.workflow_setup.outputs.testsNeeded == 'true' }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-controler @@ -98,7 +98,7 @@ jobs: ${{ runner.os }}-buildx-controller ${{ runner.os }}-buildx - name: Build node controller image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: context: ./controller push: false @@ -107,7 +107,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Upload docker image artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: indy_node_controller path: /tmp/indy_node_controller.tar @@ -126,18 +126,18 @@ jobs: fail-fast: false steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: driver-opts: network=host - name: Download node artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: indy_node_${{ matrix.os_version }} path: /tmp - name: Download controller artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: indy_node_controller path: /tmp @@ -159,7 +159,7 @@ jobs: ./parse_validator_info.sh echo "::endgroup::" - name: Safe ledger_state.json for later inspection - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.os_version }}-tmp-test-${{ github.sha }}-ledger_state.json path: ledger_state.json @@ -178,7 +178,7 @@ jobs: steps.ledger.outputs.n2_unreachable != 0 || steps.ledger.outputs.n3_unreachable != 0 || steps.ledger.outputs.n4_unreachable != 0 - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: script: core.setFailed('${{ matrix.os_version }} - Not all nodes are in sync!') - name: Send node restart command @@ -194,7 +194,7 @@ jobs: echo "::set-output name=count::$(echo "$OUTPUT" | awk -F= '$1>${{ steps.node-restart.outputs.restart-time }}' | wc -l)" - name: Fail if not all nodes restarted if: steps.nodes_restarted.outputs.count != 4 - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: script: core.setFailed('${{ matrix.os_version }} - Not all nodes have been restarted') @@ -214,7 +214,7 @@ jobs: matrix: ${{ fromJson(needs.workflow_setup.outputs.os_matrix) }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: indy-node-version id: indy-node-version shell: bash @@ -226,9 +226,9 @@ jobs: echo "::endgroup::" echo "nodeVersion=${nodeVersion}">> $GITHUB_OUTPUT - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ matrix.os_version }}-${{ github.sha }} @@ -236,14 +236,14 @@ jobs: ${{ runner.os }}-buildx-${{ matrix.os_version }} ${{ runner.os }}-buildx - name: Log in to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Meta for indy_node id: meta_indy_node - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ghcr.io/${{ needs.workflow_setup.outputs.repo_owner }}/indy-node-container/indy_node flavor: | @@ -259,7 +259,7 @@ jobs: org.opencontainers.image.description=Indy Node Container based on ${{ matrix.os_version }} org.opencontainers.image.vendor=Hyperledger - name: Push indy node based on ${{ matrix.os_version }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: file: build/Dockerfile.${{ matrix.os_version }} context: ./build @@ -279,11 +279,11 @@ jobs: if: ${{ github.event_name != 'pull_request' }} steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-controler @@ -291,14 +291,14 @@ jobs: ${{ runner.os }}-buildx-controller ${{ runner.os }}-buildx - name: Log in to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Meta for indy_node_controller id: meta_indy_node_controller - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ghcr.io/${{ needs.workflow_setup.outputs.repo_owner }}/indy-node-container/indy_node_controller flavor: | @@ -314,7 +314,7 @@ jobs: org.opencontainers.image.description=Indy Node Container Controller org.opencontainers.image.vendor=Hyperledger - name: Push indy node controller - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: context: ./controller push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/trivy-all.yml b/.github/workflows/trivy-all.yml index efb4e55..415d8e5 100644 --- a/.github/workflows/trivy-all.yml +++ b/.github/workflows/trivy-all.yml @@ -28,7 +28,7 @@ jobs: os_version: [ debian10, debian11, ubuntu16, ubuntu18, ubuntu20 ] steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: indy-node-version id: indy-node-version shell: bash @@ -54,14 +54,14 @@ jobs: sed -i 's/"name": "Trivy",/"name": "Trivy${{ matrix.os_version }}Latest",/g' trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif - name: 'Safe trivy-indy-node-${{ matrix.os_version }}.sarif' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif path: trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif retention-days: 8 - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-indy-node-${{ steps.indy-node-version.outputs.nodeVersion }}-${{ matrix.os_version }}.sarif'